Iranian state-sponsored cyberwarfare is indistinguishable from script kiddies
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Mar 28 18:22:30 PDT 2011
The original source of the info about the hack has now posted the private key
corresponding to one of the bogus certs at http://pastebin.com/X8znzPWH. The
public-key components are identical, haven't verified that the private key
matches yet, but I'm going to guess it will.
So a global CA wasn't 0wned by a nation-state cyberwar agency but by a random
script kiddie having some fun. Oh the embarassment :-).
Peter.
More information about the cypherpunks-legacy
mailing list